Controlling Access to SSH on IBM i
The Secure Shell (SSH) is a popular way for administrators to securely connect to IBM i, but it’s likely you don’t want just anyone using SSH. Carol discusses how you can control which users are allowed to use SSH.
SSH clients are readily available from the Internet, so unless you’re controlling what can be installed on your users’ desktops, an SSH client such as PuTTY can be download, installed, and in use in just minutes. One of the popular features of most SSH clients is the file transfer capability. The secure connection capabilities of SSH clients provide an alternative to unencrypted FTP connections. This feature may not seem like a security exposure and shouldn’t be if you’ve implemented object-level security. But if you’re like many IBM i organizations that haven’t taken this step or rely on exit point technologies to secure your critical files, you’ve got an issue. (Note: IBM has not provided an exit point for the SSH daemon, and attempting to control access via the Sockets exit is tenuous at best.)